Selected publications at LSV

Privacy-type properties such as vote secrecy, anonymity, or
untraceability are typically expressed using the notion of trace equivalence
in a process algebra that models security protocols. In this paper, we
propose some results to reduce the search space when we are looking for an
attack regarding trace equivalence. Our work is strongly inspired from [10],
which establishes that, if there is a witness of non trace equivalence, then
there is one that is well-typed.
Our main contribution is to establish a
similar result for trace inclusion. Our motivation is twofolds: first, this
small attack property is needed for proving soundness of the tool SatEquiv
[13]. Second, we revisit the proof in order to simplify it. Specifically, we
show two results. First, if there is a witness of non-inclusion then there is
one that is well-typed. We establish this result by providing a decision
procedure for trace inclusion similar to the one proposed in [10] for trace
equivalence. We also show that we can reduce the search space when
considering the notion of static inclusion. Acutally, if there is a witness
of static non-inclusion there is one of a specific shape.
Even if our
setting slightly differs from the one considered in [10], our proofs
essentially follow the same ideas than the existing proof for trace
equivalence. Nevertheless, we hope that this proof will be easier to extend
to other primitives such as asymmetric encryption or signatures.